Memory system, method of controlling access to memory system, and mobile computing device

ABSTRACT

A memory system includes a nonvolatile memory and a controller that controls the nonvolatile memory. The controller is configured to generate information relating to encryption and decryption of data based on a location of the memory system and to enable at least one process of encrypting data to be written to the nonvolatile memory or decrypting data read from the nonvolatile memory by using the information.

CROSS-REFERENCE TO RELATED APPLICATION

This application is based upon and claims the benefit of priority fromJapanese Patent Application No. 2020-157075, filed Sep. 18, 2020, theentire contents of which are incorporated herein by reference.

FIELD

Embodiments described herein relate generally to a memory system, amethod of controlling access to a memory system, and a mobile computingdevice.

BACKGROUND

A read operation of data that is stored in a memory system is performedby applying a read voltage to a word line connected to a memory cell.When the memory system is stolen, it may be possible to easily accessthe data stored in the memory system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram illustrating an example of a configuration of afirst information processing device according to a first embodiment.

FIG. 2 is a diagram illustrating an example of reference voltageinformation according to the first embodiment.

FIG. 3 is a block diagram illustrating a configuration of acommunication processing device of the first embodiment.

FIG. 4 is a diagram illustrating an example of a first predeterminedrange according to the first embodiment.

FIG. 5 is a block diagram illustrating an example of a configuration ofa memory chip of the first embodiment.

FIG. 6 is a diagram illustrating an example of a configuration of amemory cell array of the first embodiment.

FIG. 7 is a diagram illustrating an example of a threshold voltagedistribution of memory cells of the first embodiment.

FIG. 8 is a diagram illustrating an example of a process flow of amemory system according to the first embodiment.

FIG. 9 is a diagram illustrating an example of a configuration of a CPUaccording to a first modification of the first embodiment.

FIG. 10 is a diagram illustrating an example of a NAND controlleraccording to the first modification of the first embodiment.

FIG. 11 is a diagram illustrating an example of a configuration of a CPUand a NAND controller according to the first modification of the firstembodiment.

FIG. 12 is a diagram illustrating an example of a configuration of amemory controller according to a second modification of the firstembodiment.

FIG. 13 is a diagram illustrating an example of a configuration of acommunication processing device of a second embodiment.

FIG. 14 is a diagram illustrating an example of a process flow of amemory system according to the second embodiment.

FIG. 15 is a diagram illustrating an example of a configuration of a CPUaccording to a first modification of the second embodiment.

FIG. 16 is a diagram illustrating an example of a configuration of aNAND controller according to the first modification of the secondembodiment.

FIG. 17 is a diagram illustrating an example of a configuration of a CPUand a NAND controller according to the first modification of the secondembodiment.

FIG. 18 is a diagram illustrating an example of a configuration of amemory controller according to a second modification of the secondembodiment.

FIG. 19 is a diagram illustrating an example of a configuration of aninformation processing system according to a third embodiment.

FIG. 20 is a diagram illustrating an example of a configuration of asecond information processing device of the third embodiment.

FIG. 21 is a diagram illustrating an example of a configuration of acommunication processing device of the third embodiment.

FIG. 22 is a diagram illustrating an example of a second predeterminedrange according to the third embodiment.

FIG. 23 is a diagram illustrating an example of a process flow of amemory system according to the third embodiment.

FIG. 24 is a diagram illustrating an example of a configuration of a CPUaccording to a first modification of the third embodiment.

FIG. 25 is a diagram illustrating an example of a configuration of aNAND controller according to the first modification of the thirdembodiment.

FIG. 26 is a diagram illustrating an example of a configuration of a CPUand a NAND controller according to the first modification of the thirdembodiment.

FIG. 27 is a diagram illustrating an example of a configuration of amemory controller according to a second modification of the thirdembodiment.

FIG. 28 is a diagram illustrating an example of a configuration of aninformation processing system according to a fourth embodiment, which isconnected to a time stamp server.

FIG. 29 is a diagram illustrating an example of a configuration of asecond information processing device of the fourth embodiment.

FIG. 30 is a diagram illustrating an example of a configuration of acommunication processing device of the fourth embodiment.

FIG. 31 is a diagram illustrating an example of a predetermined timerange according to the fourth embodiment.

FIG. 32 is a diagram illustrating an example of a process flow of amemory system according to the fourth embodiment.

FIG. 33 is a diagram illustrating an example of a configuration of a CPUaccording to a first modification of the fourth embodiment.

FIG. 34 is a diagram illustrating an example of a configuration of aNAND controller according to the first modification of the fourthembodiment.

FIG. 35 is a diagram illustrating an example of a configuration of a CPUand a NAND controller according to the first modification of the fourthembodiment.

FIG. 36 is a diagram illustrating an example of a configuration of amemory controller according to a second modification of the fourthembodiment.

DETAILED DESCRIPTION

Embodiments provide a memory system that can improve confidentiality ofdata stored therein.

In general, according to one embodiment, a memory system includes anonvolatile memory and a controller that controls the nonvolatilememory. The controller is configured to generate information relating toencryption and decryption of data based on a location of the memorysystem and to enable at least one process of encrypting data to bewritten to the nonvolatile memory or decrypting data read from thenonvolatile memory by using the information.

Hereinafter, an information processing system according to embodimentsis described with reference to the drawings. In the followingdescription, configurations having the same or similar functions aredesignated by the same reference numerals, and duplicate descriptionsmay be omitted. In this specification, the term. “based on XX” means“based on at least XX” and includes a case of being based on anotherelement in addition to XX. Further, the term. “based on XX” is notlimited to a case of directly using XX, but also includes a case ofbeing based on those obtained by performing calculation or processing onXX. “XX” is any element (for example, any kind of information).

In the present specification, the term “reading” may be referred to as“read”, and the term “writing” may be referred to as “write”. Further,in the present specification, the terms “write”, “memorize”, and “store”are used to have the same meaning. Therefore, these terms areinterchangeably read. In the present specification, the term“connection” is not limited to a mechanical connection but includes anelectrical connection. The term “being acquired” by a component in thepresent specification is not limited to a case of obtaining somethingfrom the outside of the component and also includes a case where thecomponent calculates something by itself. In the present specification,“per bit line” and “unit of bit line” can be interchangeably read as“per column” and “column unit”.

Further, in the present specification, the term “encryption anddecryption by using YY” is not limited to a case where encryption anddecryption are performed by directly using YY (that is, by using YYitself as key information), but also includes a case where encryptionand decryption are performed by indirectly using YY (for example, byusing key information generated by a calculation or a process on YY).“YY” is any element (for example, any kind of information).

First Embodiment

<Configuration of First Information Processing Device>

FIG. 1 is a diagram illustrating an example of a configuration of afirst information processing device 10 according to a first embodiment.The first information processing device 10 includes a memory system 20 aand a host device 20 b. According to the present embodiment, an accessto the memory system 20 a is limited based on a location of the memorysystem 20 a. The first information processing device 10 is provided, forexample, in a data center.

The memory system 20 a is connected to the host device 20 b. The hostdevice 20 b may be a server device, a personal computer, or amobile-type information processing device. The memory system 20 a isconfigured to function as an external storage device of the host device20 b. The host device 20 b can issue an access request (a read requestor a write request) to the memory system 20 a.

The memory system 20 a includes a memory controller 201, a NAND-typeflash memory (NAND memory) 202, an antenna 203, and a communicationprocessing device 204. The memory controller 201 and the NAND memory 202are connected to each other via a plurality of channels. The antenna 203and the communication processing device 204 are connected to each othervia a signal line. The communication processing device 204 and thememory controller 201 are connected to each other via another signalline. The memory controller 201 is an example of a “controller”. TheNAND memory 202 is an example of a “memory device”. The memorycontroller 201, the NAND memory 202, the antenna 203, and thecommunication processing device 204 are installed, for example, on aprinted board.

The antenna 203 receives radio waves transmitted from a satellite of aglobal navigation satellite system (GNSS). Examples of the GNSS includea global positioning system (GPS).

The memory controller 201 includes a host interface controller (host I/Fcontroller) 2011, a random access memory (RAM) 2012, a read only memory(ROM) 2013, a central processing unit (CPU) 2014, an error correctingcode (ECC) circuit 2015, and a NAND controller 2016. These functionalunits are connected to each other via a bus. The memory controller 201is configured with, for example, a semiconductor integrated circuit suchas a System on a Chip (SoC) and these functional units are integrated inone chip. However, some of these functional units may be providedoutside the memory controller 201.

The host I/F controller 2011 controls the communication interfacebetween the host device 20 b and the memory system 20 a and controlsdata transmission between the host device 20 b and the RAM 2012 underthe control of the CPU 2014.

The RAM 2012 is, for example, a synchronous dynamic random access memory(SDRAM) or a static random access memory (SRAM), but the embodiment isnot limited thereto. The RAM 2012 functions as a buffer for datatransmission between the host device 20 b and the NAND memory 202. Inaddition, the RAM 2012 provides the CPU 2014 with a work area. Firmware(program) stored in the NAND memory 202 or the ROM 2013 is loaded intothe RAM 2012 during the operation of the memory system 20 a.

The CPU 2014 is an example of a hardware processor. The CPU 2014performs various processes, for example, by executing firmware loadedinto the RAM 2012. The configuration of the CPU 2014 and details of theprocesses performed by the CPU 2014 are described below. Note that aplurality of CPUs 2014 may be provided.

The ECC circuit 2015 encodes data to be written to the NAND memory 202(hereinafter, referred to as “write data”) for error correction. Ifthere is an error in data read from the NAND memory 202 (hereinafter,referred to as “read data”), the ECC circuit 2015 corrects the error ofthe read data based on an error correction code assigned during thewrite operation.

The NAND controller 2016 controls each channel (ch. 0 and ch. 1). TheNAND controller 2016 controls data transmission between the RAM 2012 andthe NAND memory 202 under the control of the CPU 2014.

The NAND memory 202 includes a plurality of (here, four) nonvolatilesemiconductor memory chips 2021. According to the present embodiment,the memory controller 201 includes two channels (ch. 0 and ch. 1). Thememory controller 201 may include one channel or three or more channels.In the example of FIG. 1 , two memory chips 2021 are connected to eachchannel. Note that one memory chip 2021 or three or more memory chips2021 may be connected to each channel.

Each channel includes an Input/Output (I/O) signal line, a controlsignal line, a chip enable (CE) signal line, and a ready (RY)/busy (BY)signal line. The I/O signal line transmits data, addresses, and variouscommands. The memory controller 201 transmits a read command, a writecommand, or an erase command to the memory chips 2021 via the I/O signalline. The control signal line may include a write enable (WE) signalline, a read enable (RE) signal line, a command latch enable (CLE)signal line, an address latch enable (ALE) signal line, and a writeprotect (WP) signal line. The CE signal line transmits a signalindicating that the memory chips 2021 are being selected. The RY/BYsignal line transmits a signal indicating whether the NAND memory 202 isoperating. The RY/BY signal line indicates a ready state (RY)corresponding to a non-in-operation state with a high level signal and abusy state (BY) corresponding to an in-operation state with a low levelsignal.

When the operation of the memory system 20 a starts, for example, readvoltage information 2012 a stored in the memory chip 2021 is loaded intothe RAM 2012. The read voltage information 2012 a is information to beused for setting a value of read voltage applied to each word line WLdescribed below, during the read operation of the NAND memory 202. Theread voltage information 2012 a includes reference voltage information2012 b. The memory cell in the memory chip 2021 stores data according toa threshold voltage in a non-volatile manner. The threshold voltage ofthe memory cell may change due to stress such as program disturb, readdisturb, or data retention. Therefore, the read voltage information 2012a may include information relating to a correction value for correctingthe read voltage.

FIG. 2 is a diagram illustrating an example of the reference voltageinformation 2012 b included in the read voltage information 2012 a. InFIG. 2 , values of VAD to VGD are values indicating reference values(for example, initial setting values) of read voltages VA to VG,respectively. The reference voltage information 2012 b may be setcommonly (i.e., set to the same value) for the plurality of memory chips2021. Alternatively, the reference voltage information 2012 b mayindependently set for each memory chip 2021.

The memory controller 201 calculates a value of a read voltage to beapplied to each word line WL based on the read voltage information 2012a. The memory controller 201 instructs the NAND memory 202 to apply theread voltage of the calculated value.

<Configuration of Communication Processing Device>

FIG. 3 is a diagram illustrating an example of a configuration of thecommunication processing device 204. The communication processing device204 may be a semiconductor integrated circuit such as a centralprocessing unit (CPU), a field programmable gate array (FPGA), and anapplication specific integrated circuit (ASIC). The communicationprocessing device 204 is programmed or configured to function as anacquisition unit 204 a, a specifying unit 204 b, a signature unit 204 c,a first determination unit 204 d, a generation unit 204 e, and an accessprocessing unit 204 f.

The acquisition unit 204 a receives radio waves from a satellite via theantenna 203.

The specifying unit 204 b specifies a location of the memory system 20 abased on the radio waves received by the acquisition unit 204 a. Forexample, the specifying unit 204 b specifies the location of the memorysystem 20 a based on the radio waves received by the acquisition unit204 a respectively from four different satellites. Specifically, theradio waves include information of identifiers unique to the satellitesthat have transmitted the radio waves and information of the time whenthe radio waves were transmitted. The specifying unit 204 b calculatesdistances between the memory system 20 a and the four respectivesatellites from the propagation speed of radio waves (that is, the speedof light), the transmission time of the radio waves, and the receptiontime of the radio waves. Also, the specifying unit 204 b specifies thelocation of the memory system 20 a by determining a point at which theobtained four distances intersect with each other. Note that, in thecalculation, the location of the memory system 20 a can be specifiedwith information on at least three distances. However, each timeincludes a slight error caused by the accuracy of a clock. Therefore,the specifying unit 204 b adds information of another distance to theinformation of three distances to correct the error. The location may beindicated by, for example, latitude and longitude. However, the locationmay be indicated by an altitude in addition to the latitude and thelongitude.

The signature unit 204 c generates predetermined signature data for thelocation data of the memory system 20 a specified by the specifying unit204 b. For example, the signature unit 204 c generates the predeterminedsignature data for the location data by using a private key based on theRSA algorithm. The private key is stored in a hardware security moduledevice such as a universal serial bus (USB) dongle. According to thisprocess of the signature unit 204 c, thereafter, the falsification ofthe location of the memory system 20 a specified by the specifying unit204 b can be prevented.

The first determination unit 204 d determines whether the location ofthe memory system 20 a specified by the specifying unit 204 b is withina first predetermined range. The first predetermined range is set as alocation in which the memory system 20 a is permitted to be accessedfrom outside to the memory system 20 a via the host device 20 b. Forexample, if the inside of a data center is set as the firstpredetermined range, the allowable ranges are respectively set withrespect to the latitude and the longitude of the data center inconsideration of the size of the data center, and an accuracy of thelocation of the memory system 20 a specified by the specifying unit 204b. This first predetermined range is loaded from the memory chip 2021 tothe RAM 2012 at the time of the operation start of the memory system 20a. FIG. 4 is a diagram illustrating an example of the firstpredetermined range. In FIG. 4 , with respect to the latitude and thelongitude of the location where the memory system 20 a is installed, theallowable ranges of the latitude and the allowable ranges of thelongitude are defined to indicate the first predetermined range. Thefirst determination unit 204 d reads the information relating to thefirst predetermined range. The first determination unit 204 d candetermine whether the location of the memory system 20 a is within thefirst predetermined range, by comparing the read first predeterminedrange and the location of the memory system 20 a specified by thespecifying unit 204 b.

The generation unit 204 e generates an encryption key used when the datais encrypted, based on the location of the memory system 20 a specifiedby the specifying unit 204 b. The generation unit 204 e may generatedifferent encryption keys according to the location of the memory system20 a. The encryption key is an example of information relating to theencryption and decryption of data. For example, the first determinationunit 204 d determines, for example, that the location of the memorysystem 20 a is within the first predetermined range, the generation unit204 e generates the encryption key. In addition, if the firstdetermination unit 204 d determines that the location of the memorysystem 20 a is outside the first predetermined range, the generationunit 204 e does not generate the encryption key.

If the memory system 20 a receives a read request of data from theoutside via the host device 20 b, the generation unit 204 e generates adecryption key to be used when the encrypted data is decrypted, based onthe location of the memory system 20 a specified by the specifying unit204 b. The generation unit 204 e may generate different decryption keysaccording to the location of the memory system 20 a. The decryption keyis an example of information relating to the encryption and decryptionof data. For example, if the memory system 20 a receives the readrequest of data from the outside via the host device 20 b and the firstdetermination unit 204 d determines that the location of the memorysystem 20 a is within the first predetermined range, the generation unit204 e generates the decryption key. In addition, if the memory system 20a receives the read request of data from the outside via the host device20 b and the first determination unit 204 d determines that the locationof the memory system 20 a is outside the first predetermined range, thegeneration unit 204 e does not generate the decryption key.

In addition, the generation unit 204 e determines whether signature datagenerated for the location data of the memory system 20 a is thesignature data of the signature unit 204 c, by using a predeterminedpublic key. The predetermined public key is paired with the private keyused by the signature unit 204 c to generate the signature data. Thatis, the predetermined public key is a public key used for decrypting thesignature data to data that can be read by the generation unit 204 e.

If the generation unit 204 e generates the information relating to theencryption and decryption of data, the access processing unit 204 fenables at least one of a process of encrypting data written to the NANDmemory 202 by the CPU 2014 or a process of decrypting the data read fromthe NAND memory 202 by the CPU 2014, by using the information relatingto the encryption and decryption of data generated by the generationunit 204 e.

For example, if the memory system 20 a receives a write request of dataand the generation unit 204 e generates the encryption key, the accessprocessing unit 204 f transmits the encryption key generated by thegeneration unit 204 e to the memory controller 201. The CPU 2014 of thememory controller 201 encrypts the write data to be written to the NANDmemory 202 by using the encryption key. Also, the NAND controller 2016of the memory controller 201 writes the encrypted data to the NANDmemory 202.

For example, the memory system 20 a receives a read request of data, andthe generation unit 204 e generates the decryption key, the accessprocessing unit 204 f transmits the decryption key generated by thegeneration unit 204 e to the memory controller 201. The NAND controller2016 of the memory controller 201 reads the encrypted data from the NANDmemory 202. Also, the CPU 2014 of the memory controller 201 decrypts theencrypted data read from the NAND memory 202 by using the decryption keygenerated by the generation unit 204 e.

<Configuration of Memory Chip>

FIG. 5 is a diagram illustrating an example of a configuration of thememory chip 2021. The memory chip 2021 includes, for example, an I/Osignal processing circuit 2021 a, a control signal processing circuit2021 b, a chip control circuit 2021 c, a RY/BY generation circuit 2021d, a command register 2021 e, an address register 2021 f, a row decoder2021 g, a column decoder 2021 h, a data register 2021 i, a senseamplifier 2021 j, and a memory cell array 2021 k.

The I/O signal processing circuit 2021 a is a buffer circuit fortransmitting and receiving an I/O signal between the memory controller201 and the memory chip 2021. A command, an address for designating anaccess destination, and data, which are latched by the I/O signalprocessing circuit 2021 a, are stored in the command register 2021 e,the address register 2021 f, and the data register 2021 i, respectively.

The address stored in the address register 2021 f includes a chipnumber, a row address, and a column address. The chip number isidentification information for distinguishing the memory chips 2021. Thechip number, the row address, and the column address are sent to thechip control circuit 2021 c, the row decoder 2021 g, and the columndecoder 2021 h, respectively.

The control signal processing circuit 2021 b receives the controlsignal. The control signal processing circuit 2021 b executes thedistribution of the I/O signal received by the I/O signal processingcircuit 2021 a to a particular storage destination, based on thereceived control signal. The control signal processing circuit 2021 balso transmits the received control signal to the chip control circuit2021 c.

The chip control circuit 2021 c is a circuit that transitions a statebased on various control signals received via the control signalprocessing circuit 2021 b. The chip control circuit 2021 c controlsoperations of the memory chips 2021.

The RY/BY generation circuit 2021 d transitions the state of the RY/BYsignal line between the ready state (RY) and the busy state (BY) underthe control of the chip control circuit 2021 c.

The sense amplifier 2021 j senses states of memory cells MT (see FIG. 6) in the memory cell array 2021 k in the read operation. The senseamplifier 2021 j generates read data based on the sensed state. Thesense amplifier 2021 j stores the generated read data to the dataregister 2021 i. The read data stored in the data register 2021 i issent to the I/O signal processing circuit 2021 a via a data line andtransmitted from the I/O signal processing circuit 2021 a to the memorycontroller 201.

The memory cell array 2021 k includes the plurality of memory cells MTand stores data. Specifically, the memory cell array 2021 k includes aplurality of physical blocks BLK (see FIG. 6 ). Each physical block BLKincludes the plurality of memory cells MT. The physical blocks BLK is aminimum unit of erasing data. That is, all data stored in one physicalblock BLK are collectively erased. In the following, the “physicalblock” is simply referred to as a “block”.

Operations of the row decoder 2021 g and the column decoder 2021 h aredescribed below.

<Configuration of Memory Cell Array>

FIG. 6 is a diagram illustrating an example of a configuration of thememory cell array 2021 k. The memory cell array 2021 k is, for example,a NAND-type flash memory having a three-dimensional structure in whichthe plurality of memory cells MT are arranged in a three-dimensionalmanner. The memory cell array 2021 k includes the plurality of blocksBLK (BLK0, BLK1, and the like). For example, the memory cell array 2021k includes hundreds to thousands of blocks BLK.

As illustrated in FIG. 6 , m (m is a natural number) bit lines BL (BL0to BLm−1) are connected to a plurality of (for example, m) strings STRin each block BLK. Each string STR includes one first select gatetransistor ST, the plurality of memory cells MT (MT0 to MT7), and onesecond select gate transistor DT. The first select gate transistor ST,the plurality of memory cells MT, and the second select gate transistorDT are connected in series in this order between a source line CELSRCand one bit line BL. The plurality of bit lines BL (BL0 to BLm−1) andthe plurality of (m) strings STR respectively connected thereto make upone string unit SU. Each of the blocks BLK includes the plurality of(for example, four) string units SU (SU0 to SU3).

A control gate electrode of the first select gate transistor ST isconnected to a first select gate line (source-side select gate line)SGSL. The first select gate line SGSL is a control signal line thatcontrols the control gate electrode of the first select gate transistorST. The first select gate transistor ST is selectively connected betweenthe plurality of memory cells MT and the source line CELSRC based on thevoltage applied via the first select gate line SGSL. The first selectgate line SGSL may be connected independently to each of the stringunits SU (SU0 to SU3).

The control gate electrodes of the second select gate transistors DT areconnected to second select gate lines (drain-side select gate lines)SGDL (SGDL0 to SGDL3). The second select gate lines SGDL are controlsignal lines for controlling the control gate electrodes of the secondselect gate transistors DT. The second select gate transistors DT areselectively connected between the plurality of memory cells MT and thebit lines BL based on the voltage applied via the second select gatelines SGDL.

Each memory cell (memory cell transistor) MT is configured with a metaloxide semiconductor field effect transistor (MOSFET) having a stackedgate structure. The stacked gate structure includes, for example, afloating gate formed with a tunnel oxide film interposed therebetweenand a control gate electrode formed with a gate insulating filminterposed above the floating gate. The threshold voltage of the memorycell MT changes according to the number of charges accumulated in thefloating gate. In the memory cells MT, negative charges are injectedinto the floating gate by writing, and negative charges are removed fromthe floating gate by erasing. Any one of two or more data values can bewritten to each memory cell MT. Each memory cell MT stores one of one ormore data values in a non-volatile manner, according to the thresholdvoltage thereof.

In the blocks BLK, the control gate electrodes of the memory cells MTare connected to the corresponding word lines WL, respectively. Forexample, the word lines WL0 to WL7 are connected to the control gateelectrodes of the memory cells MT0 to MT7, respectively. The word linesWL are control signal lines for selecting a group of the memory cells MTarranged in one row in the memory cell array 2021 k and are commonlyconnected to one group of memory cells MT arranged in one row. Thememory cells MT are provided at intersections between the word lines WLand the bit lines BL. The reading or writing from or to the memory cellsMT can be performed by applying a certain voltage to the word line WL(hereinafter, referred to as “the selected word line WL”) connected tothe memory cells MT from or to which the reading or writing isperformed. The reading and writing from and to the memory cells MT aredescribed below.

In each block BLK, the word lines WL corresponding to the same addressare commonly connected to the plurality of memory cells MT in thedifferent strings STR. A group of memory cells MT that share the wordline WL is referred to as a cell unit CU. Data is written collectivelyto and is read collectively from the plurality of memory cells MT in onecell unit CU. The storage capacity of one cell unit CU includes one or aplurality of pages.

The memory system 20 a may store a value of a plurality of bits in eachmemory cell MT. For example, if each memory cell MT stores a value of n(n≥2) bits, the storage capacity for each cell unit CU becomes equal tothe size of n pages. Here, a case where each memory cell MT operates ina triple-level cell (TLC) mode in which a value of three bits is storedis described as an example.

In the triple-level cell (TLC) mode, data for three pages is stored ineach cell unit CU connected to one word line WL. Among three pagesstored in a cell unit CU connected to one word line WL, a page to whichwriting is performed first is referred to as a lower page, a page towhich writing is performed after the lower page is referred to as amiddle page, and a page to which writing is performed after the middlepage is referred to as an upper page. In addition, a mode in which aprogram (that is, writing) is executed collectively to a part or all ofthe pages in one cell unit CU may be possible.

<Threshold Voltage Distribution of Memory Cell>

FIG. 7 is a diagram illustrating threshold voltage distributions of thememory cells MT. In FIG. 7 , the horizontal axis represents thethreshold voltages of the memory cells MT, and the vertical axisrepresents the number of memory cells MT having a certain thresholdvoltage. If each memory cell MT operates in a triple-level cell (TLC)mode, the threshold voltage distribution of the memory cells MT includeseight distributions (lobes).

In the triple-level cell (TLC) mode, each memory cell MT can storeeight-value data “xyz” defined by data “x” belonging to the upper page,data “y” belonging to the middle page, and data “z” belonging to thelower page. The values of the data “x”, the data “y”, and the data “z”are a binary data “0” or a binary data “1”.

The threshold voltage of each memory cell MT is controlled so as tobelong to any one of the eight states: ER state, A state, B state, Cstate, D state, E state, F state, and G state. The correspondencebetween each state and the data value of the eight-value data “xyz” aredetermined in advance. For example, a data value “111” is assigned tothe Er state. A data value “110” is assigned to the A state. A datavalue “100” is assigned to the B state. A data value “000” is assignedto the C state. A data value “010” is assigned to the D state. A datavalue “011” is assigned to the E state. A data value “001” is assignedto the F state. A data value “101” is assigned to the G state. Thecorrespondence of each state and the data value is not limited to theabove.

Return to FIG. 5 . Here, the row decoder 2021 g, the column decoder 2021h, the data register 2021 i, and the sense amplifier 2021 j of the NANDmemory 202 are described. The row decoder 2021 g, the column decoder2021 h, the data register 2021 i, and the sense amplifier 2021 j are apart of peripheral circuits for the memory cell array 2021 k. Theperipheral circuit performs access (reading, writing, and erasing) onthe memory cell array 2021 k based on the control by the chip controlcircuit 2021 c.

For example, in the write operation, the column decoder 2021 h selectsand activates the bit line BL corresponding to the column address. Thesense amplifier 2021 j causes the voltage of the bit line BL selected bythe column decoder 2021 h to be 0 volt. The row decoder 2021 g applies aprogramming pulse to the word line WL corresponding to the row address.The programming pulse is a pulse in which the voltage graduallyincreases at each application. Accordingly, charges are injected to thefloating gate of the memory cell MT at the intersection between theselected bit line BL and the selected word line WL. As a result, thethreshold voltage of the memory cell MT rises. The sense amplifier 2021j checks whether the threshold voltage of the memory cell MT as awriting target reaches the voltage in accordance with the data stored inthe data register 2021 i with each application of the programming pulse.According to the check result of the sense amplifier 2021 j, the rowdecoder 2021 g continues to apply the programming pulse until thethreshold voltage of the memory cell MT reaches the voltage inaccordance with the write data value.

On the other hand, in the read operation, the sense amplifier 2021 jpre-charges a power voltage Vcc to the bit line BL. The row decoder 2021g sequentially applies various levels of read voltages corresponding tothe different states, to the selected word line WL. In addition, the rowdecoder 2021 g applies a read pass voltage to the non-selected wordlines WL and causes the memory cells MT belonging to the non-selectedword lines WL to be in a conductive state. The sense amplifier 2021 jdetermines the data value stored in the memory cell MT of a readingtarget by detecting which read voltage causes the charges accumulated bythe pre-charge to flow out to the source line CELSRC.

For example, as illustrated in FIG. 7 , when the read voltage VA is setbetween the Er state and the A state, it is determined that the memorycell MT having a threshold voltage lower than the read voltage VAbelongs to the Er state. In addition, when the read voltage VB is setbetween the A state and the B state, it is determined that the memorycell MT having a threshold voltage lower than the read voltage VBbelongs to the Er state or the A state. In the same manner, asillustrated in FIG. 7 , when a read voltage is set between two adjacentstates, it is determined that the memory cell MT having a thresholdvoltage lower than the read voltage belongs to the state that has alower threshold voltage of the two states (or any state that has a stilllower threshold voltage than the state).

<Processing Performed in Memory System>

Subsequently, the process performed in the memory system 20 a isdescribed. FIG. 8 is a diagram illustrating an example of a process flowof the memory system 20 a.

When the memory system 20 a is booted, the CPU 2014 reads firmware fromthe NAND memory 202 or the ROM 2013 and loads the firmware into the RAM2012. Also, the CPU 2014 executes a first program PG1 included in thefirmware (Step S1). Here, the booting includes a state in which theelectric power of the memory system 20 a is switched from an OFF stateto an ON state so that the memory system 20 a can operate and a state inwhich the memory system 20 a resets so that the memory system 20 a canoperate. The CPU 2014 executes the first program PG1 to cause the memorysystem 20 a to be in a state of being able to receive an access requestfrom the outside via the host device 20 b.

Upon receiving an access request from the outside, the host device 20 boutputs the access request to the memory system 20 a. The CPU 2014receives the access request via the host I/F controller 2011.

When the CPU 2014 receives an access request, the acquisition unit 204 areceives radio waves from a satellite via the antenna 203 (Step S2).

The specifying unit 204 b specifies the location of the memory system 20a based on the radio waves received by the acquisition unit 204 a (StepS3). The signature unit 204 c generates the predetermined signature datafor the location data of the memory system 20 a specified by thespecifying unit 204 b (Step S4). By this process by the signature unit204 c, thereafter, the falsification of the location data of the memorysystem 20 a specified by the specifying unit 204 b can be prevented.

The first determination unit 204 d determines whether the signature datais the signature data of the signature unit 204 c (Step S5). If it isdetermined that the signature data is not the signature data of thesignature unit 204 c (No in Step S5), the first determination unit 204 dreturns the process to Step S2. If it is determined that the signaturedata is the signature data of the signature unit 204 c (Yes in Step S5),the first determination unit 204 d determines whether the location ofthe memory system 20 a specified by the specifying unit 204 b is withinthe first predetermined range (Step S6). The first determination unit204 d reads the information relating to the first predetermined range,for example, from the RAM 2012 of the memory controller 201. The firstdetermination unit 204 d compares the read first predetermined range andthe location of the memory system 20 a specified by the specifying unit204 b.

The generation unit 204 e generates the information relating to theencryption and decryption used when encrypting and decrypting the databased on the location of the memory system 20 a specified by thespecifying unit 204 b.

Specifically, if the first determination unit 204 d determines that thelocation of the memory system 20 a is outside the first predeterminedrange (No in Step S6), the generation unit 204 e does not generate theinformation relating to the encryption and decryption of data andreturns the process to Step S2.

If the first determination unit 204 d determines that the location ofthe memory system 20 a is within the first predetermined range (Yes inStep S6), the generation unit 204 e generates information relating tothe encryption and decryption of data (Step S7). The informationrelating to the encryption and decryption of data generated by thegeneration unit 204 e may be different according to the location of thememory system 20 a.

When the generation unit 204 e generates the information relating to theencryption and decryption of data, the access processing unit 204 fenables at least one of a process of encrypting data to be written tothe NAND memory 202 by the CPU 2014 or a process of decrypting the dataread from the NAND memory 202 by the CPU 2014, by using the informationrelating to the encryption and decryption of data generated by thegeneration unit 204 e (Step S8).

<Advantage>

Hereinabove, the first information processing device 10 of the firstembodiment has been described. In the first information processingdevice 10, the generation unit 204 e generates the information relatingto the encryption and decryption of data based on the location of thememory system 20 a. The access processing unit 204 f enables at leastone of a process of encrypting data to be written to the NAND memory 202by the CPU 2014 or a process of decrypting the data read from the NANDmemory 202 by the CPU 2014, by using the information relating to theencryption and decryption of data generated by the generation unit 204e.

With such a configuration of the memory system 20 a, a condition foraccessing the data stored in the NAND memory 202 can be limited, so thatwhen the condition is not satisfied, the information relating to theencryption and decryption of data is not generated. As a result, thepossibility of the leakage of the data stored in the memory system 20 ato the outside can be reduced by the first information processing device10 of the first embodiment. That is, by the first information processingdevice 10 of the first embodiment, the confidentiality of the data inthe memory system 20 a can be improved.

In addition, the information relating to the encryption and decryptionof data generated by the generation unit 204 e may be differentaccording to the location of the memory system 20 a. In this manner, ifthe location of the memory system 20 a when the data is read isdifferent from the location of the memory system 20 a when the data waswritten, the data cannot be correctly decrypted. As a result, theconfidentiality of data in the memory system 20 a can be improved.

First Modification of First Embodiment

In the first embodiment described above, the description is made sothat, in the memory system 20 a, the communication processing device 204is programmed or configured to function as the acquisition unit 204 a,the specifying unit 204 b, the signature unit 204 c, the firstdetermination unit 204 d, the generation unit 204 e, and the accessprocessing unit 204 f. However, according to a first modification of thefirst embodiment, in the memory system 20 a, a part or all of theacquisition unit 204 a, the specifying unit 204 b, the signature unit204 c, the first determination unit 204 d, the generation unit 204 e,and the access processing unit 204 f may be provided in the CPU 2014 orthe NAND controller 2016. For example, as illustrated in FIG. 9 , theCPU 2014 may include the functionality of all of the acquisition unit204 a, the specifying unit 204 b, the signature unit 204 c, the firstdetermination unit 204 d, the generation unit 204 e, and the accessprocessing unit 204 f. In addition, for example, as illustrated in FIG.10 , the NAND controller 2016 may include the functionality of all ofthe acquisition unit 204 a, the specifying unit 204 b, the signatureunit 204 c, the first determination unit 204 d, the generation unit 204e, and the access processing unit 204 f. In addition, for example, asillustrated in FIG. 11 , the CPU 2014 may include the functionality ofthe acquisition unit 204 a, the specifying unit 204 b, and the signatureunit 204 c, and the NAND controller 2016 may include the functionalityof the first determination unit 204 d, the generation unit 204 e, andthe access processing unit 204 f.

Second Modification of First Embodiment

According to a second modification of the first embodiment, in thememory system 20 a, the functionality of a part or all of theacquisition unit 204 a, the specifying unit 204 b, the signature unit204 c, the first determination unit 204 d, the generation unit 204 e,and the access processing unit 204 f may be provided in the memorycontroller 201, independently from the communication processing device204, the CPU 2014, and the NAND controller 2016. For example, asillustrated in FIG. 12 , the memory controller 201 may include thefunctionality of all of the acquisition unit 204 a, the specifying unit204 b, the signature unit 204 c, the first determination unit 204 d, thegeneration unit 204 e, and the access processing unit 204 f,independently from the communication processing device 204, the CPU2014, and the NAND controller 2016. Note that, in FIG. 12 , thedescriptions of the host interface controller 2011, the RAM 2012, theROM 2013, and the ECC circuit 2015 are omitted.

Second Embodiment

When the memory system 20 a is booted, in the first informationprocessing device 10 of the second embodiment, it is determined whetherto execute the first program PG1 included in firmware FW1 based on thelocation of the memory system 20 a.

<Configuration of Communication Processing Device>

FIG. 13 is a diagram illustrating an example of a configuration of thecommunication processing device 204. The communication processing device204 is programmed or configured to function as a second determinationunit 204 g and a booting unit 204 h in addition to the acquisition unit204 a, the specifying unit 204 b, the signature unit 204 c, the firstdetermination unit 204 d, the generation unit 204 e, and the accessprocessing unit 204 f.

The second determination unit 204 g determines whether to execute thefirst program PG1 based on the location of the memory system 20 a.

For example, if the first determination unit 204 d determines that thelocation of the memory system 20 a is within the first predeterminedrange, the second determination unit 204 g determines to execute thefirst program PG1. In addition, if the first determination unit 204 ddetermines that the location of the memory system 20 a is outside thefirst predetermined range, the second determination unit 204 gdetermines not to execute the first program PG1.

Based on the determination result of the second determination unit 204g, the booting unit 204 h causes the CPU 2014 of the memory controller201 to execute the first program PG1.

For example, if the second determination unit 204 g determines toexecute the first program PG1, the booting unit 204 h causes the CPU2014 to execute the first program PG1. In addition, if the seconddetermination unit 204 g determines not to execute the first programPG1, the booting unit 204 h does not cause the CPU 2014 to execute thefirst program PG1.

<Process Performed in Memory System>

Subsequently, the process performed in the memory system 20 a isdescribed. FIG. 14 is a diagram illustrating an example of a processflow of the memory system 20 a.

When the memory system 20 a is booted, the second determination unit 204g of the communication processing device 204 determines whether toexecute the first program PG1 based on the location of the memory system20 a (Step S11). Specifically, if the first determination unit 204 ddetermines that the location of the memory system 20 a is within thefirst predetermined range, the second determination unit 204 gdetermines to execute the first program PG1. In addition, if the firstdetermination unit 204 d determines that the location of the memorysystem 20 a is outside the first predetermined range, the seconddetermination unit 204 g determines not to execute the first programPG1.

If the second determination unit 204 g determines to execute the firstprogram PG1 (Yes in Step S11), the booting unit 204 h causes the CPU2014 of the memory controller 201 to read the firmware from the ROM 2013(Step S12). Also, the CPU 2014 executes the first program PG1 includedin the firmware (Step S13). In this process of Step S13, the memorysystem 20 a enters a state of being able to receive an access requestfrom the outside. The memory system 20 a becomes ready to execute theprocesses subsequent to Step S1 illustrated in FIG. 8 .

If it is determined not to execute the first program PG1 (No in StepS11), the second determination unit 204 g ends the process.

<Advantage>

In the above, the first information processing device 10 of the secondembodiment has been described. In the memory system 20 a of the firstinformation processing device 10, the second determination unit 204 gdetermines whether to execute the first program PG1 based on thelocation of the memory system 20 a. The booting unit 204 h causes theCPU 2014 to execute the first program PG1 based on the determinationresult of the second determination unit 204 g.

In the first information processing device 10 of the first embodiment,the host device 20 b can issue a command to the memory system 20 aregardless of the location of the memory system 20 a. For example, ifthe location of the memory system 20 a is not within the firstpredetermined range, encrypted data cannot be read and new data cannotbe written. However, the memory system 20 a can receive the othercommand from the host device 20 b even if the location thereof is notwithin the first predetermined range. On the other hand, in the firstinformation processing device 10 of the second embodiment, according tothe location of the memory system 20 a, the command issuance itself fromthe host device 20 b to the memory system 20 a can be disabled. Forexample, if the location of the memory system 20 a is not within thefirst predetermined range, even the recognition of the memory system 20a by the host device 20 b can be disabled. As a result, the firstinformation processing device 10 of the second embodiment can furtherreduce the possibility of the leakage of the data stored in the memorysystem 20 a to the outside, than the first information processing device10 of the first embodiment. That is, the first information processingdevice 10 of the second embodiment can further improve theconfidentiality of the data in the memory system 20 a than the firstinformation processing device 10 of the first embodiment.

First Modification of Second Embodiment

According to the above second embodiment, the description is made sothat, in the memory system 20 a, the communication processing device 204is programmed or configured to function as the acquisition unit 204 a,the specifying unit 204 b, the signature unit 204 c, the firstdetermination unit 204 d, the generation unit 204 e, the accessprocessing unit 204 f, the second determination unit 204 g, and thebooting unit 204 h. However, according to a first modification of thesecond embodiment, in the memory system 20 a, the functionality of apart or all of the acquisition unit 204 a, the specifying unit 204 b,the signature unit 204 c, the first determination unit 204 d, thegeneration unit 204 e, the access processing unit 204 f, the seconddetermination unit 204 g, and the booting unit 204 h may be provided inthe CPU 2014 or the NAND controller 2016. For example, as illustrated inFIG. 15 , the CPU 2014 may include the functionality of all of theacquisition unit 204 a, the specifying unit 204 b, the signature unit204 c, the first determination unit 204 d, the generation unit 204 e,the access processing unit 204 f, the second determination unit 204 g,and the booting unit 204 h. In addition, for example, as illustrated inFIG. 16 , the NAND controller 2016 may include the functionality of allof the acquisition unit 204 a, the specifying unit 204 b, the signatureunit 204 c, the first determination unit 204 d, the generation unit 204e, the access processing unit 204 f, the second determination unit 204g, and the booting unit 204 h. In addition, for example, as illustratedin FIG. 17 , the CPU 2014 may include the functionality of theacquisition unit 204 a, the specifying unit 204 b, the signature unit204 c, and the first determination unit 204 d, and the NAND controller2016 may include the functionality of the generation unit 204 e, theaccess processing unit 204 f, the second determination unit 204 g, andthe booting unit 204 h.

Second Modification of Second Embodiment

In a second modification of the second embodiment, in the memory system20 a, the functionality of a part or all of the acquisition unit 204 a,the specifying unit 204 b, the signature unit 204 c, the firstdetermination unit 204 d, the generation unit 204 e, the accessprocessing unit 204 f, the second determination unit 204 g, and thebooting unit 204 h may be provided in the memory controller 201,independently from the communication processing device 204, the CPU2014, and the NAND controller 2016. For example, as illustrated in FIG.18 , the memory controller 201 may include the functionality of all ofthe acquisition unit 204 a, the specifying unit 204 b, the signatureunit 204 c, the first determination unit 204 d, the generation unit 204e, the access processing unit 204 f, the second determination unit 204g, and the booting unit 204 h, independently from the communicationprocessing device 204, the CPU 2014, and the NAND controller 2016. Notethat, in FIG. 18 , the descriptions of the host interface controller2011, the RAM 2012, the ROM 2013, and the ECC circuit 2015 are omitted.

Third Embodiment

<Configuration of Information Processing System>

FIG. 19 is a diagram illustrating an example of a configuration of aninformation processing system 1 according to a third embodiment. Asillustrated in FIG. 19 , the information processing system 1 includesthe first information processing device 10 and a second informationprocessing device 20, which is an example of an external device. Thefirst information processing device 10 may be connected to the secondinformation processing device 20 via a network NW. In the informationprocessing system 1 according to the third embodiment, if the memorysystem 20 a receives an access request from the second informationprocessing device 20, it is determined whether the memory system 20 agenerates information relating to the encryption and decryption of data,based on the location data of the second information processing device20 transmitted from the second information processing device 20 togetherwith the request.

<Configuration of Second Information Processing Device>

FIG. 20 is a diagram illustrating an example of a configuration of thesecond information processing device 20. The second informationprocessing device 20 is a device for accessing data stored in the firstinformation processing device 10. The second information processingdevice 20 is, for example, a mobile-type information processing terminalsuch as a laptop PC. As illustrated in FIG. 20 , the second informationprocessing device 20 includes a communication unit 101, a processingunit 102, a first acquisition unit 103, a specifying unit 104, and asignature unit 105. The communication unit 101, the processing unit 102,the first acquisition unit 103, the specifying unit 104, and thesignature unit 105 may be implemented by one or a plurality ofintegrated circuits such as a central processing unit (CPU), a fieldprogrammable gate array (FPGA), and an application specific integratedcircuit (ASIC). In addition, the second information processing device 20includes an antenna 10 a.

The communication unit 101 communicates with the memory system 20 a viathe host device 20 b in the first information processing device 10.

The processing unit 102 attempts a process of writing data to the memorysystem 20 a or a process of reading data from the memory system 20 a,via the communication unit 101.

The first acquisition unit 103 receives radio waves from a satellite viathe antenna 10 a.

The specifying unit 104 specifies the location of the second informationprocessing device 20 based on the radio waves received by the firstacquisition unit 103. For example, the specifying unit 104 specifies thelocation of the second information processing device 20 in the samemanner as in the method of specifying the location of the memory system20 a by using the GPS by the specifying unit 204 b in the firstembodiment. That is, the specifying unit 104 specifies the location ofthe second information processing device 20 based on the radio wavesreceived respectively from four different satellites by the firstacquisition unit 103. The location may be indicated by latitude andlongitude. However, the location may be indicated by an altitude inaddition to the latitude and the longitude.

The signature unit 105 generates predetermined signature data for thelocation data of the second information processing device 20 to betransmitted to the first information processing device 10 together withan access request. For example, the signature unit 105 generates thepredetermined signature data for the location data by using a privatekey based on the RSA algorithm. The private key is stored in a hardwaresecurity module device such as a universal serial bus (USB) dongle.Also, the signature unit 105 transmits the location data to which thesignature data is added to the first information processing device 10,together with the access request.

<Configuration of Communication Processing Device>

FIG. 21 is a diagram illustrating an example of a configuration of thecommunication processing device 204 in the first information processingdevice 10. The communication processing device 204 is programmed orconfigured to function as a third determination unit 204 i and a firstverification unit 204 j in addition to the acquisition unit 204 a, thespecifying unit 204 b, the signature unit 204 c, the first determinationunit 204 d, the generation unit 204 e, the access processing unit 204 f,the second determination unit 204 g, and the booting unit 204 h.

The third determination unit 204 i determines whether the signature datais the signature data of the second information processing device 20, byusing a predetermined public key. The predetermined public key is pairedwith the private key used for generating the signature data by thesecond information processing device 20. That is, the predeterminedpublic key is a public key for decrypting the signature data into datathat can be read by the third determination unit 204 i.

If the third determination unit 204 i determines that the signature datais the signature data of the second information processing device 20,the first verification unit 204 j continues the process of the memorysystem 20 a. In addition, if the third determination unit 204 idetermines that the signature data is not the signature data of thesecond information processing device 20, the first verification unit 204j ends the process of the memory system 20 a.

If the third determination unit 204 i determines that the signature datais the signature data of the second information processing device 20,the first verification unit 204 j verifies whether the location of thesecond information processing device 20 indicated by the location dataof the second information processing device 20 received from the secondinformation processing device 20 is within a second predetermined range.The second predetermined range is set as a location of the secondinformation processing device 20 in which the second informationprocessing device 20 is permitted to access the memory system 20 a. Thissecond predetermined range is loaded from the memory chip 2021 to theRAM 2012, for example, at the time of the operation start of the memorysystem 20 a. FIG. 22 is a diagram illustrating an example of the secondpredetermined range. In FIG. 22 , with respect to the latitude and thelongitude in which the second information processing device 20 ispermitted to access the memory system 20 a, the allowable range of thelatitude and the allowable range of the longitude are defined toindicate the second predetermined range. The first verification unit 204j reads the information relating to the second predetermined rangewritten in the RAM 2012. The first verification unit 204 j can verifywhether the location of the second information processing device 20 iswithin the second predetermined range, by comparing the read secondpredetermined range and the location data of the second informationprocessing device 20 received from the second information processingdevice 20.

If the first verification unit 204 j verifies that the location of thesecond information processing device 20 is within the secondpredetermined range, the generation unit 204 e generates the informationrelating to the encryption and decryption of data.

For example, if a write request of data is received from the secondinformation processing device 20, the host device 20 b outputs the writerequest to the memory system 20 a. When the CPU 2014 receives the writerequest via the host I/F controller 2011 and the first verification unit204 j verifies that the location of the second information processingdevice 20 is within the second predetermined range, the generation unit204 e generates the encryption key based on the location of the memorysystem 20 a. In addition, if the first verification unit 204 j verifiesthat the location of the second information processing device 20 is notwithin the second predetermined range, the generation unit 204 e doesnot generate the encryption key.

For example, if a read request of data is received from the secondinformation processing device 20, the host device 20 b outputs the readrequest to the memory system 20 a. When the CPU 2014 receives the readrequest via the host I/F controller 2011 and the first verification unit204 j verifies that the location of the second information processingdevice 20 is within the second predetermined range, the generation unit204 e generates the decryption key based on the location of the memorysystem 20 a. In addition, if the first verification unit 204 j verifiesthat the location of the second information processing device 20 is notwithin the second predetermined range, the generation unit 204 e doesnot generate the decryption key.

When the generation unit 204 e generates the information relating to theencryption and decryption of data, the access processing unit 204 fenables at least one of a process of encrypting data to be written tothe NAND memory 202 by the CPU 2014 or a process of decrypting the dataread from the NAND memory 202 by the CPU 2014, by using the informationrelating to the encryption and decryption of data generated by thegeneration unit 204 e.

For example, if the generation unit 204 e generates the encryption key,the access processing unit 204 f transmits the encryption key generatedby the generation unit 204 e to the memory controller 201. The CPU 2014of the memory controller 201 encrypts the write data to be written tothe NAND memory 202 by using the encryption key. Also, the NANDcontroller 2016 of the memory controller 201 writes the encrypted datato the NAND memory 202.

In addition, for example, if the generation unit 204 e generates thedecryption key, the access processing unit 204 f transmits thedecryption key generated by the generation unit 204 e to the memorycontroller 201. The NAND controller 2016 of the memory controller 201reads the encrypted data from the NAND memory 202. Also, the CPU 2014 ofthe memory controller 201 decrypts the encrypted data read from the NANDmemory 202 by using the decryption key generated by the generation unit204 e.

<Process Performed in Memory System>

Subsequently, the process performed in the memory system 20 a isdescribed. FIG. 23 is a diagram illustrating an example of a processflow of the memory system 20 a.

The second information processing device 20 transmits the location datato which the signature data is added to the host device 20 b, togetherwith an access request. The host device 20 b transmits the location datato which the signature data is added to the memory system 20 a, togetherwith the access request.

The third determination unit 204 i of the communication processingdevice 204 determines whether the signature data is the signature dataof the second information processing device 20 by using thepredetermined public key (Step S21).

If it is determined that the signature data is not the signature data ofthe second information processing device 20 (No in Step S21), the thirddetermination unit 204 i ends the process.

If the third determination unit 204 i determines that the signature datais the signature data of the second information processing device 20(Yes in Step S21), the first verification unit 204 j verifies whetherthe location of the second information processing device 20 indicated bythe location data of the second information processing device 20received from the second information processing device 20 is within thesecond predetermined range (Step S22).

Specifically, the first verification unit 204 j reads the informationrelating to the second predetermined range written in the RAM 2012.Also, the first verification unit 204 j compares the read secondpredetermined range and the location data of the second informationprocessing device 20 received from the second information processingdevice 20.

If the first verification unit 204 j verifies that the location of thesecond information processing device 20 is not within the secondpredetermined range (No in Step S22), the process ends.

If the first verification unit 204 j verifies that the location of thesecond information processing device 20 is within the secondpredetermined range (Yes in Step S22), the generation unit 204 egenerates the information relating to the encryption and decryption ofdata (Step S23).

Specifically, if the first verification unit 204 j verifies that thelocation of the second information processing device 20 is within thesecond predetermined range, the generation unit 204 e generates theencryption key based on the location of the memory system 20 a. Theencryption key is an example of the information relating to theencryption and decryption of data. If the first verification unit 204 jverifies that the location of the second information processing device20 is not within the second predetermined range, the generation unit 204e does not generate the encryption key.

Specifically, if the first verification unit 204 j verifies that thelocation of the second information processing device 20 is within thesecond predetermined range, the generation unit 204 e generates thedecryption key based on the location of the memory system 20 a. Thedecryption key is an example of the information relating to theencryption and decryption of data. In addition, if the firstverification unit 204 j verifies that the location of the secondinformation processing device 20 is not within the second predeterminedrange, the generation unit 204 e does not generate the decryption key.

If the generation unit 204 e generates the information relating to theencryption and decryption of data, the access processing unit 204 fenables at least one of a process of encrypting data to be written tothe NAND memory 202 by the CPU 2014 or a process of decrypting the dataread from the NAND memory 202 by the CPU 2014, by using the informationrelating to the encryption and decryption of data generated by thegeneration unit 204 e (Step S6).

<Advantage>

In the above, the information processing system 1 according to the thirdembodiment has been described. In the memory system 20 a of theinformation processing system 1, if the third determination unit 204 idetermines that the signature data is the signature data of the secondinformation processing device 20, the first verification unit 204 jverifies whether the location of the second information processingdevice 20 indicated by the location data of the second informationprocessing device 20 received from the second information processingdevice 20 is within the second predetermined range.

With such a configuration of the memory system 20 a, it is possible todetermine the presence or absence of the falsification to the locationdata of the second information processing device 20 transmitted from thesecond information processing device 20 to the memory system 20 a.Accordingly, in the first information processing device 10 in theinformation processing system 1 according to the third embodiment, thecondition for accessing the data stored in the memory system 20 a can befurther limited as compared with the first information processing device10 of the first to second embodiments. If this condition is notsatisfied, the information relating to the encryption and decryption ofdata is not generated, and thus the data stored in the memory system 20a is not accessible. As a result, in the first information processingdevice 10 of the third embodiment, the possibility of the leakage of thedata stored in the memory system 20 a to the outside can be furtherreduced as compared with the first information processing device 10 ofthe first to second embodiments. That is, the first informationprocessing device of the third embodiment can further improve theconfidentiality of the data in the memory system 20 a than the firstinformation processing device 10 of the first to second embodiments.

First Modification of Third Embodiment

According to the above third embodiment, the description is made sothat, in the memory system 20 a, the communication processing device 204is programmed or configured to function as the acquisition unit 204 a,the specifying unit 204 b, the signature unit 204 c, the firstdetermination unit 204 d, the generation unit 204 e, the accessprocessing unit 204 f, the second determination unit 204 g, the bootingunit 204 h, the third determination unit 204 i, and the firstverification unit 204 j. However, according to a first modification ofthe third embodiment, in the memory system 20 a, the functionality of apart or all of the acquisition unit 204 a, the specifying unit 204 b,the signature unit 204 c, the first determination unit 204 d, thegeneration unit 204 e, the access processing unit 204 f, the seconddetermination unit 204 g, the booting unit 204 h, the thirddetermination unit 204 i, and the first verification unit 204 j may beprovided in the CPU 2014 or the NAND controller 2016. For example, asillustrated in FIG. 24 , the CPU 2014 may include the functionality ofall of the acquisition unit 204 a, the specifying unit 204 b, thesignature unit 204 c, the first determination unit 204 d, the generationunit 204 e, the access processing unit 204 f, the second determinationunit 204 g, the booting unit 204 h, the third determination unit 204 i,and the first verification unit 204 j. In addition, for example, asillustrated in FIG. 25 , the NAND controller 2016 may include thefunctionality of all of the acquisition unit 204 a, the specifying unit204 b, the signature unit 204 c, the first determination unit 204 d, thegeneration unit 204 e, the access processing unit 204 f, the seconddetermination unit 204 g, the booting unit 204 h, the thirddetermination unit 204 i, and the first verification unit 204 j. Inaddition, for example, as illustrated in FIG. 26 , the CPU 2014 mayinclude the functionality of the acquisition unit 204 a, the specifyingunit 204 b, the signature unit 204 c, the first determination unit 204d, and the generation unit 204 e, and the NAND controller 2016 mayinclude the functionality of the access processing unit 204 f, thesecond determination unit 204 g, the booting unit 204 h, the thirddetermination unit 204 i, and the first verification unit 204 j.

Second Modification of Third Embodiment

According to a second modification of the third embodiment, in thememory system 20 a, the functionality of a part or all of theacquisition unit 204 a, the specifying unit 204 b, the signature unit204 c, the first determination unit 204 d, the generation unit 204 e,the access processing unit 204 f, the second determination unit 204 g,the booting unit 204 h, the third determination unit 204 i, and thefirst verification unit 204 j are provided in the memory controller 201,independently from the communication processing device 204, the CPU2014, and the NAND controller 2016. For example, as illustrated in FIG.27 , the memory controller 201 may include the functionality of all ofthe acquisition unit 204 a, the specifying unit 204 b, the signatureunit 204 c, the first determination unit 204 d, the generation unit 204e, the access processing unit 204 f, the second determination unit 204g, the booting unit 204 h, the third determination unit 204 i, and thefirst verification unit 204 j, independently from the communicationprocessing device 204, the CPU 2014, and the NAND controller 2016. Notethat, in FIG. 27 , the descriptions of the host interface controller2011, the RAM 2012, the ROM 2013, and the ECC circuit 2015 are omitted.

Fourth Embodiment

In an information processing system 1 according to a fourth embodiment,the time period during which the second information processing device 20is permitted to access the memory system 20 a is limited, and the memorysystem 20 a verifies whether the access is during the permitted timeperiod.

<Configuration of Information Processing System>

FIG. 28 is a diagram illustrating an example of a configuration of theinformation processing system 1 according to the fourth embodiment. Theinformation processing system 1 includes the first informationprocessing device 10 and the second information processing device 20. Asillustrated in FIG. 28 , the information processing system 1 may beconnected to a server 30. The server 30 is a time stamp server thatissues a time stamp. The time stamp can be used to add, at a reliabletime, additional information to certain digital information that enablesto prove whether the content of the digital information is changed orfalsified after the reliable time.

<Configuration of Second Information Processing Device>

FIG. 29 is a diagram illustrating an example of a configuration of thesecond information processing device 20 of the fourth embodiment. Asillustrated in FIG. 29 , the second information processing device 20includes a second acquisition unit 106 in addition to the communicationunit 101, the processing unit 102, the first acquisition unit 103, thespecifying unit 104, and the signature unit 105. In addition, the secondinformation processing device 20 includes the antenna 10 a.

The second acquisition unit 106 acquires a time stamp from the server30.

The signature unit 105 generates predetermined signature data for thetime stamp to be transmitted to the first information processing device10 together with an access request and the location data of the secondinformation processing device 20. Also, the signature unit 105 transmitsthe time stamp to which the signature data is added to the firstinformation processing device 10, together with the access request andthe location data of the second information processing device 20.

<Configuration of Communication Processing Device>

FIG. 30 is a diagram illustrating an example of a configuration of thecommunication processing device 204. The communication processing device204 is programmed or configured to function as a second verificationunit 204 k in addition to the acquisition unit 204 a, the specifyingunit 204 b, the signature unit 204 c, the first determination unit 204d, the generation unit 204 e, the access processing unit 204 f, thesecond determination unit 204 g, the booting unit 204 h, the thirddetermination unit 204 i, and the first verification unit 204 j.

The second verification unit 204 k verifies whether the time indicatedby the time stamp received from the second information processing device20 is within a predetermined time range. The time stamp is an example oftime information. The predetermined time range is set as a time rangeduring which the second information processing device 20 is permitted toaccess the memory system 20 a. The predetermined time range is loadedfrom the memory chip 2021 into the RAM 2012, for example, at theoperation start of the memory system 20 a. FIG. 31 is a diagramillustrating an example of the predetermined time range. In FIG. 31 ,the predetermined time range is indicated by the start time and the endtime during which the second information processing device 20 isaccessible to the memory system 20 a. The second verification unit 204 kreads the predetermined time range (that is, accessible start time andaccessible end time) written in the RAM 2012. The second verificationunit 204 k can verify whether the time indicated by the time stamp ofthe second information processing device 20 is within the predeterminedtime range by comparing the read predetermined time range and the timeindicated by the time stamp received from the second informationprocessing device 20.

If the first verification unit 204 j verifies that the location of thesecond information processing device 20 is within the secondpredetermined range and the second verification unit 204 k verifies thatthe time indicated by the time stamp is within the predetermined timerange, the generation unit 204 e generates the information relating tothe encryption and decryption of data.

For example, when a write request of data is received from the secondinformation processing device 20, the host device 20 b outputs the writerequest to the memory system 20 a. The CPU 2014 receives the writerequest via the host I/F controller 2011. When the CPU 2014 receives thewrite request, if the first verification unit 204 j verifies that thelocation of the second information processing device 20 is within thesecond predetermined range, and the second verification unit 204 kverifies the time stamp is within the predetermined time range, thegeneration unit 204 e generates the encryption key based on the locationof the memory system 20 a. The encryption key is an example of theinformation relating to the encryption and decryption of data. Inaddition, when the CPU 2014 receives the write request, if the firstverification unit 204 j verifies that the location of the secondinformation processing device 20 is not within the second predeterminedrange, or the second verification unit 204 k verifies that the timestamp is not within the predetermined time range, the generation unit204 e does not generate the encryption key.

In addition, for example, when a read request of data is received fromthe second information processing device 20, the host device 20 boutputs the read request to the memory system 20 a. The CPU 2014receives the read request via the host I/F controller 2011. When the CPU2014 receives the read request, if the first verification unit 204 jverifies that the location of the second information processing device20 is within the second predetermined range, and the second verificationunit 204 k verifies that the time stamp is within the predetermined timerange, the generation unit 204 e generates the decryption key based onthe location of the memory system 20 a. The decryption key is an exampleof the information relating to the encryption and decryption of data. Inaddition, when the CPU 2014 receives the read request, if the firstverification unit 204 j verifies that the location of the secondinformation processing device 20 is not within the second predeterminedrange, or the second verification unit 204 k verifies that the timestamp is not within the predetermined time range, the generation unit204 e does not generate the decryption key.

If the generation unit 204 e generates the information relating to theencryption and decryption of data, the access processing unit 204 fenables at least one of a process of encrypting data to be written tothe NAND memory 202 by the CPU 2014 or a process of decrypting the dataread from the NAND memory 202 by the CPU 2014, by using the informationrelating to the encryption and decryption of data generated by thegeneration unit 204 e.

For example, if the generation unit 204 e generates the encryption key,the access processing unit 204 f transmits the encryption key generatedby the generation unit 204 e to the memory controller 201. The CPU 2014of the memory controller 201 encrypts the write data to be written tothe NAND memory 202 by using the encryption key. Also, the NANDcontroller 2016 of the memory controller 201 writes the encrypted datato the NAND memory 202. If the generation unit 204 e generates thedecryption key, the access processing unit 204 f transmits thedecryption key generated by the generation unit 204 e to the memorycontroller 201. The NAND controller 2016 of the memory controller 201reads the encrypted data from the NAND memory 202. Also, the CPU 2014 ofthe memory controller 201 decrypts the encrypted data read from the NANDmemory 202 by using the decryption key generated by the generation unit204 e.

<Process Performed in Memory System>

Subsequently, the process performed in the memory system 20 a isdescribed. FIG. 32 is a diagram illustrating an example of a processflow of the memory system 20 a.

The second information processing device 20 transmits the time stamp towhich the signature data is added to the host device 20 b, together withthe access request and the location data. The host device 20 b transmitsthe time stamp to which the signature data is added to the memory system20 a, together with the access request and the location data.

The third determination unit 204 i of the communication processingdevice 204 determines whether the signature data is the signature dataof the second information processing device 20 by using thepredetermined public key (Step S31).

If it is determined that the signature data is not the signature data ofthe second information processing device 20 (No in Step S31), the thirddetermination unit 204 i ends the process.

In addition, if the third determination unit 204 i determines that thesignature data is the signature data of the second informationprocessing device 20 (Yes in Step S31), the first verification unit 204j verifies whether the location of the second information processingdevice 20 indicated by the location data of the second informationprocessing device 20 received from the second information processingdevice 20 is within the second predetermined range (Step S32).

Specifically, the first verification unit 204 j reads the informationrelating to the second predetermined range written in the RAM 2012.Also, the first verification unit 204 j compares the read secondpredetermined range and the location data of the second informationprocessing device 20 received from the second information processingdevice 20.

If the first verification unit 204 j verifies that the location of thesecond information processing device 20 is not within the secondpredetermined range (No in Step S32), the first verification unit 204 jends the process.

If the first verification unit 204 j verifies that the location of thesecond information processing device 20 is within the secondpredetermined range (Yes in Step S32), the second verification unit 204k verifies whether the time stamp received from the second informationprocessing device 20 is within the predetermined time range (Step S33).

Specifically, the second verification unit 204 k reads the informationrelating to the predetermined time range written in the RAM 2012. Thesecond verification unit 204 k compares the read predetermined timerange and the time indicated by the time stamp received from the secondinformation processing device 20. The second verification unit 204 kverifies whether the time indicated by the time stamp is within thepredetermined time range.

If the second verification unit 204 k verifies that the time stamp isnot within the predetermined time range (No in Step S33), the secondverification unit 204 k ends the process.

If the second verification unit 204 k verifies that the time stamp iswithin the predetermined time range (Yes in Step S33), the generationunit 204 e generates the information relating to the encryption anddecryption of data (Step S23).

Specifically, when the host device 20 b receives the write request ofdata from the second information processing device 20, the host device20 b outputs the write request to the memory system 20 a. The CPU 2014receives the write request via the host I/F controller 2011. When theCPU 2014 receives the write request, if the first verification unit 204j verifies that the location of the second information processing device20 is within the second predetermined range, and the second verificationunit 204 k verifies that the time stamp received from the secondinformation processing device 20 is within the predetermined time range,the generation unit 204 e generates the encryption key based on thelocation of the memory system 20 a. The encryption key is an example ofthe information relating to the encryption and decryption of data. Inaddition, when the CPU 2014 receives the write request, if the firstverification unit 204 j verifies that the location of the secondinformation processing device 20 is not within the second predeterminedrange, or the second verification unit 204 k verifies that the timestamp received from the second information processing device 20 is notwithin the predetermined time range, the generation unit 204 e does notgenerate the encryption key.

Specifically, when the host device 20 b receives a read request of datafrom the second information processing device 20, the host device 20 boutputs the read request to the memory system 20 a. The CPU 2014receives the read request via the host I/F controller 2011. When the CPU2014 receives the read request, if the first verification unit 204 jverifies that the location of the second information processing device20 is within the second predetermined range, and the second verificationunit 204 k verifies that the time stamp received from the secondinformation processing device 20 is within the predetermined time range,the generation unit 204 e generates the decryption key based on thelocation of the memory system 20 a. The decryption key is an example ofthe information relating to the encryption and decryption of data. Inaddition, when the CPU 2014 receives the read request, if the firstverification unit 204 j verifies that the location of the secondinformation processing device 20 is not within the second predeterminedrange, or the second verification unit 204 k verifies that the timestamp received from the second information processing device 20 is notwithin the predetermined time range, the generation unit 204 e does notgenerate the decryption key.

If the generation unit 204 e generates the information relating to theencryption and decryption of data, the access processing unit 204 fenables at least one of a process of encrypting data to be written tothe NAND memory 202 by the CPU 2014 or a process of decrypting the dataread from the NAND memory 202 by the CPU 2014, by using the informationrelating to the encryption and decryption of data generated by thegeneration unit 204 e (Step S6).

<Advantage>

Hereinabove, the information processing system 1 according to the fourthembodiment has been described. In the memory system 20 a of theinformation processing system 1, the second verification unit 204 kverifies whether the time stamp received from the second informationprocessing device 20 is within the predetermined time range.

With such a configuration of the memory system 20 a, if the secondverification unit 204 k verifies that the time stamp received from thesecond information processing device 20 is not within the predeterminedtime range, the generation unit 204 e does not generate the informationrelating to the encryption and decryption of data. Therefore, in thefirst information processing device 10 of the fourth embodiment, thecondition for accessing the data stored in the memory system 20 a isfurther limited as compared with the first information processing device10 of the first to third embodiments. As a result, in the firstinformation processing device 10 of the fourth embodiment, thepossibility of leakage of the data stored in the memory system 20 a tothe outside can be further reduced than the first information processingdevice 10 of the first to third embodiments. That is, the firstinformation processing device 10 of the fourth embodiment can furtherimprove the confidentiality of the data in the memory system 20 a thanthe first information processing device 10 of the first to thirdembodiments.

First Modification of Fourth Embodiment

In the above fourth embodiment, the description is made so that, in thememory system 20 a, the communication processing device 204 isprogrammed or configured to function as the acquisition unit 204 a, thespecifying unit 204 b, the signature unit 204 c, the first determinationunit 204 d, the generation unit 204 e, the access processing unit 204 f,the second determination unit 204 g, the booting unit 204 h, the thirddetermination unit 204 i, the first verification unit 204 j, and thesecond verification unit 204 k. However, in a first modification of thefourth embodiment, in the memory system 20 a, the functionality of apart or all of the acquisition unit 204 a, the specifying unit 204 b,the signature unit 204 c, the first determination unit 204 d, thegeneration unit 204 e, the access processing unit 204 f, the seconddetermination unit 204 g, the booting unit 204 h, the thirddetermination unit 204 i, the first verification unit 204 j, and thesecond verification unit 204 k may be provided in the CPU 2014 or theNAND controller 2016. For example, as illustrated in FIG. 33 , the CPU2014 may include the functionality of all of the acquisition unit 204 a,the specifying unit 204 b, the signature unit 204 c, the firstdetermination unit 204 d, the generation unit 204 e, the accessprocessing unit 204 f, the second determination unit 204 g, the bootingunit 204 h, the third determination unit 204 i, the first verificationunit 204 j, and the second verification unit 204 k. In addition, forexample, as illustrated in FIG. 34 , the NAND controller 2016 mayinclude the functionality of all of the acquisition unit 204 a, thespecifying unit 204 b, the signature unit 204 c, the first determinationunit 204 d, the generation unit 204 e, the access processing unit 204 f,the second determination unit 204 g, the booting unit 204 h, the thirddetermination unit 204 i, the first verification unit 204 j, and thesecond verification unit 204 k. In addition, for example, as illustratedin FIG. 35 , the CPU 2014 may include the functionality of theacquisition unit 204 a, the specifying unit 204 b, the signature unit204 c, the first determination unit 204 d, the generation unit 204 e,and the access processing unit 204 f, and the NAND controller 2016 mayinclude the functionality of the second determination unit 204 g, thebooting unit 204 h, the third determination unit 204 i, the firstverification unit 204 j, and the second verification unit 204 k.

Second Modification of Fourth Embodiment

In addition, according to a second modification of the fourthembodiment, the functionality of a part or all of the acquisition unit204 a, the specifying unit 204 b, the signature unit 204 c, the firstdetermination unit 204 d, the generation unit 204 e, the accessprocessing unit 204 f, the second determination unit 204 g, the bootingunit 204 h, the third determination unit 204 i, the first verificationunit 204 j, and the second verification unit 204 k are provided in thememory controller 201, independently from the communication processingdevice 204, the CPU 2014, and the NAND controller 2016. For example, asillustrated in FIG. 36 , the memory controller 201 may include thefunctionality of all of the acquisition unit 204 a, the specifying unit204 b, the signature unit 204 c, the first determination unit 204 d, thegeneration unit 204 e, the access processing unit 204 f, the seconddetermination unit 204 g, the booting unit 204 h, the thirddetermination unit 204 i, the first verification unit 204 j, and thesecond verification unit 204 k, independently from the communicationprocessing device 204, the CPU 2014, and the NAND controller 2016. Notethat, in FIG. 36 , the descriptions of the host interface controller2011, the RAM 2012, the ROM 2013, and the ECC circuit 2015 are omitted.

In the embodiments and the modifications described above, the encryptionkey and the decryption key are described as independent ones, butaccording to another embodiment, the encryption key and the decryptionkey may be the same key.

In the above, some embodiments and modifications have been described butthe embodiments are not limited to the above examples. The aboveembodiments and modifications may be implemented in combination witheach other. A part or all of the functions of the memory controller 201may be implemented by hardware (circuit unit; including a circuitry)such as an application specific integrated circuit (ASIC), aprogrammable logic device (PLD), or a field programmable gate array(FPGA). In addition, the ordinal numbers such as “first” and “second” inthe present specification are provided for the convenience ofexplanation and may be rearranged in a different order.

While certain embodiments have been described, these embodiments havebeen presented by way of example only, and are not intended to limit thescope of the disclosure. Indeed, the novel embodiments described hereinmay be embodied in a variety of other forms; furthermore, variousomissions, substitutions and changes in the form of the embodimentsdescribed herein may be made without departing from the spirit of thedisclosure. The accompanying claims and their equivalents are intendedto cover such forms or modifications as would fall within the scope andspirit of the disclosure.

What is claimed is:
 1. A memory system comprising: a nonvolatile memory;and a controller configured to control the nonvolatile memory, whereinthe controller is configured to: verify whether a location of the memorysystem is within a first predetermined range, generate informationrelating to encryption and decryption of data based on the location ofthe memory system if the location is within the first predeterminedrange, not generate the information if the location is outside the firstpredetermined range, and enable at least one process of encrypting datato be written to the nonvolatile memory or decrypting data read from thenonvolatile memory by using the generated information.
 2. The memorysystem according to claim 1, wherein the controller is configured togenerate different information for different locations.
 3. The memorysystem according to claim 1, wherein the controller includes aprocessor, and the processor is programmed to generate the informationif the location is within the first predetermined range, and notgenerate the information if the location is outside the firstpredetermined range.
 4. The memory system according to claim 1, whereinthe controller is further configured to, in response to an accessrequest from an external device, the access request being received by ahost device of the memory system: verify whether the location of theexternal device is within a second predetermined range, generate theinformation if the location of the external device is within the secondpredetermined range, and not generate the information if the location ofthe external device is outside the second predetermined range.
 5. Thememory system according to claim 4, wherein the controller is furtherconfigured to: determine a time when the external device transmits theaccess request to the host, generate the information if the time iswithin a predetermined time range, and not generate the information ifthe time is outside the predetermined time range.
 6. The memory systemaccording to claim 5, wherein the external device is a first mobiledevice configured to communicate wirelessly with a second device thatincludes the host device and the memory system.
 7. The memory systemaccording to claim 1, further comprising: an antenna configured toreceive radio waves to be used for specifying the location of the memorysystem.
 8. The memory system according to claim 7, wherein the antennais an antenna configured to receive radio waves transmitted from aglobal navigation satellite system (GNSS) satellite.
 9. The memorysystem according to claim 1, wherein the controller is configured with aplurality of semiconductor integrated circuits.
 10. A method ofcontrolling access to a memory system including a nonvolatile memory anda controller configured to control reading data from the nonvolatilememory, comprising: determining a location of the memory system;verifying whether the location is within a first predetermined range; inthe controller, generating a key for decrypting data based on thelocation of the memory system, if the location is within the firstpredetermined range, wherein the key is not generated if the location isoutside the first predetermined range; and decrypting data read from thenonvolatile memory using the key.
 11. The method of claim 10, whereinthe controller generates different keys for different locations.
 12. Themethod of claim 10, wherein the controller includes a processor and theprocessor is programmed to generate the key if the location is withinthe first predetermined range, and not generate the key if the locationis outside the first predetermined range.
 13. The method of claim 10,wherein the memory system further includes an antenna configured toreceive radio waves to be used in determining the location of the memorysystem.
 14. The method of claim 13, wherein the antenna is an antennaconfigured to receive radio waves transmitted from a global navigationsatellite system (GNSS) satellite.
 15. A mobile computing devicecomprising: a host device; and a memory system including a nonvolatilememory and a controller configured to control writing data to andreading data from the nonvolatile memory, wherein the controller isconfigured to, in response to a request to read from the memory systemfrom another mobile computing device: verify whether a location of saidanother mobile computing device is within a predetermined range;generate a key relating to encryption and decryption of data based on alocation of the memory system, if the location of said another mobilecomputing device is within the predetermined range; not generate the keyif the location of said another mobile computing device is outside thepredetermined range; and enable at least one process of encrypting datato be written to the nonvolatile memory or decrypting data read from thenonvolatile memory by using the generated key.
 16. The mobile computingdevice of claim 15, wherein the location of said another mobilecomputing device is specified in the request.